TicClick / steel

an osu! chat client
MIT License

Switch to osu! API v2 #54

Open TicClick opened 8 months ago

TicClick commented 7 months ago

this one is going to take a lot of time. osu! API v2 requires OAuth, which in case of osu! means perishable authentication tokens -- if I recall correctly, they expire after 86,400 seconds (24 hours).

kind of torn here, since if I want to keep the client effortless to use, I need to write and host a small server which does two things:

  1. handle OAuth authentication flow and refresh the tokens on users' behalf -- sure, it could run on localhost instead (as I did in https://github.com/TicClick/coral, since it only needs to pick up a token from a redirect URL), but very few people will keep their PCs up and running for more than 24 hours. that means that an API token once issued will expire
  2. handle token requests from clients, which means I need to add my own authentication layer, similarly to what other applications do to avoid requiring users to log in every time:
    • stable: keeps a password hash locally
    • lazer: does something similar I believe (password hash/non-expiring token tied to a device)
    • IRC: uses a constant plaintext password for authentication
    • some smart web apps: do just what I described (secure a token, refresh it server-side)
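
A sketch of the token-holding server described in the two list items above, added here as an example and not taken from steel, coral or relay: it keeps the upstream OAuth grant server-side, refreshes it shortly before expiry, and authenticates clients with a per-device secret of which only a hash is stored. `TokenBroker`, `refresh_upstream` and the 300-second skew are hypothetical; the grant fields are the standard OAuth 2.0 token response names.

```python
import hashlib
import hmac
import secrets
import time

REFRESH_SKEW = 300  # assumed: refresh this many seconds before the token expires


class TokenBroker:
    """Holds upstream OAuth tokens server-side and hands them to enrolled devices."""

    def __init__(self, refresh_upstream, clock=time.time):
        self._refresh = refresh_upstream  # hypothetical callable(refresh_token) -> grant dict
        self._clock = clock
        self._devices = {}  # device_id -> (SHA-256 of device secret, user_id)
        self._tokens = {}   # user_id -> {"access", "refresh", "expires_at"}

    def _store(self, user_id, grant):
        self._tokens[user_id] = {
            "access": grant["access_token"],
            "refresh": grant["refresh_token"],
            "expires_at": self._clock() + grant["expires_in"],
        }

    def enroll(self, user_id, grant):
        """Keep the grant from the OAuth redirect; return device credentials once."""
        self._store(user_id, grant)
        device_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        # The secret is random and high-entropy, so a plain hash (no KDF) is enough.
        self._devices[device_id] = (hashlib.sha256(secret.encode()).digest(), user_id)
        return device_id, secret

    def access_token(self, device_id, secret):
        """Authenticate the device, refresh upstream if near expiry, return the token."""
        stored, user_id = self._devices.get(device_id, (b"\0" * 32, None))
        presented = hashlib.sha256(secret.encode()).digest()
        # Constant-time comparison, also performed for unknown device ids.
        if not hmac.compare_digest(stored, presented) or user_id is None:
            raise PermissionError("unknown device or bad secret")
        tok = self._tokens[user_id]
        if self._clock() >= tok["expires_at"] - REFRESH_SKEW:
            self._store(user_id, self._refresh(tok["refresh"]))
            tok = self._tokens[user_id]
        return tok["access"]

    def revoke(self, device_id):
        """Drop one device without touching the user's upstream grant."""
        self._devices.pop(device_id, None)
```

A leaked device secret only reaches this server and can be revoked per device, while the refresh token never leaves it.
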

TicClick commented 3 months ago

https://github.com/TicClick/relay